BYOD has come to the enterprise in a big way. The cost savings and the productivity and engagement benefits it offers make it appealing to organizations both large and small. However, not every enterprise is ready to roll out a BYOD initiative without creating security issues. This is particularly true of SMBs and newer companies, whose budgeting priorities may preclude robust IT staffs while making BYOD's cost savings especially tempting. To help customers whose enthusiasm for BYOD may outstrip their understanding of the risks, make sure you communicate the risks of unprotected BYOD devices.
1. Mobile malware
Unprotected BYOD devices are especially prone to mobile malware for several reasons. In recent years, the creators of malicious software have increasingly focused on mobile devices, where the endpoint security marketplace is less established and less robust than in the PC space and where users are often less careful about what apps they download and install. When a fun-sounding app comes cheap (or free!) on the app store and can be had with just one click, end users often end up downloading things they shouldn't. When mobile malware compromises a BYOD device, the best-case scenario is lost productivity for one user. The worst-case scenario is the infection spreading to other devices or to the corporate network itself.
2. Noncompliant data sharing
Speaking of user carelessness, BYOD devices increase the risk of corporate data being inappropriately shared, or saved on cloud services outside of IT control (or, in the worst case, out of regulatory compliance). Cloud-based file sync and share services like Box, Dropbox, and Google Drive are popular among mobile users because of their ease of use and the accessibility of the files stored there. Unfortunately, they may not meet your customers' data security needs. Unprotected BYOD devices that lack secured, corporate-approved productivity and file sync and share software, such as the apps that come with Mobile Device Management (MDM) solutions like Citrix's XenMobile, increase the risk that corporate data will be inappropriately stored or shared.
3. Device loss or theft
Finally, unprotected BYOD devices themselves can become a liability if they're lost or stolen. BYOD devices are set up to access and often store sensitive corporate data. If they're lost or stolen while unsecured, that corporate data can end up in the wrong hands and cause disastrous data breaches or compliance violations. Unfortunately, there is no way to fully prevent device loss or theft. Instead, organizations must mitigate the risk by requiring strong device-level authentication measures, such as passwords or PIN codes, and by installing MDM software on the endpoints to enable remote wiping of corporate data when devices are reported lost or stolen or when employees leave the company.
Information security is a balancing act. Enterprises must balance their budgetary limitations against the risks of money-saving initiatives like BYOD, choosing security solutions wisely to mitigate those risks while enjoying BYOD's benefits. It may sound tricky, but it can be done with the help of a VAR who understands how to overcome the security weaknesses of unprotected BYOD devices.
Have you ever encountered a security breach caused by unprotected BYOD devices? Tell us your story in the comments.